Implement support for WebAuthN on Android via the FIDO2 GmsCore APIs
Reported by
bhs2...@gmail.com,
Jan 6 2017
|
||||||||||||||
Issue descriptionSteps to reproduce the problem: 1. Visit https://demo.yubico.com/u2f on Chrome Android 2. Connect a FIDO U2F security key via USB (e.g. a Yubikey) 3. Attempt to register a device using the demo What is the expected behavior? The U2F key can be used, like on Chrome for Desktop What went wrong? The key is ignored, and the UI prompts the user to tap the key (assuming the key supports NFC) Did this work before? No Does this work in other browsers? N/A Chrome version: 55.0.2883.91 Channel: stable OS Version: 7.0 Flash Version: I understand that up to now it would be considered rare for a user to connect a USB security key to their phone or tablet, in particular due to the need for an OTG adapter. This is about to change as USB Type-C keys[1] become adopted, no doubt accelerated by the prevalence of laptops containing Type-C ports exclusively. Given that all modern Android phones and tablets use USB-C, desire for this feature can be expected to increase. [1] https://www.yubico.com/press-releases/yubico-unveils-yubikey-4c-showstoppers-ces-worlds-first-multi-protocol-usb-c-authentication-device/
,
Jan 6 2017
,
Jan 8 2017
Right now, the U2F keys are communicating via HID interface. HID interfaces don't seem to work at all with WebUSB. So the fix should start there.
,
Jan 11 2017
Supporting HID devices in WebUSB is not an absolute prerequisite for supporting USB U2F security keys on Android. Let's limit discussion of the interaction between HID and WebUSB to issue 679314 . Moving this to the Platform>Extensions component since we don't have a better place for U2F bugs.
,
Sep 28 2017
Now when Yubico released 4C-nano, I think the development on this feature should be given priority. Especially since you can have a 4C-nano permanently in your mobile phone by simply using Qi Wireless charging. https://www.yubico.com/press-releases/yubico-launches-the-yubikey-4c-nano/
,
Oct 2 2017
,
Oct 31 2017
Support for U2F USB security keys will be provided by a GmsCore API that the WebAuthN API will call. That implementation is encompassed by https://bugs.chromium.org/p/chromium/issues/detail?id=664630, so I'm not sure we still need this bug.
,
Oct 31 2017
Feed free to either mark this as a duplicate of issue 664630 or morph this into a specific tracking bug for implementing the GmsCore support in WebAuthN.
,
Oct 31 2017
,
Mar 6 2018
,
Mar 29 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/3d33e449af12861c2ca6ab5c28e947ef681371b4 commit 3d33e449af12861c2ca6ab5c28e947ef681371b4 Author: Kim Paulhamus <kpaulhamus@chromium.org> Date: Thu Mar 29 23:04:14 2018 [WebAuthn] Initial add of AuthenticatorImpl This change registers the Java implementation of authenticator.mojom behind a feature flag. The implementation currently returns "Not implemented" errors for both get() and create() calls. Bug: 678885 Change-Id: Ieebff9c70b1c227695b90ed0d045f96af1adf23d Reviewed-on: https://chromium-review.googlesource.com/927722 Commit-Queue: Kim Paulhamus <kpaulhamus@chromium.org> Reviewed-by: Nico Weber <thakis@chromium.org> Reviewed-by: Maria Khomenko <mariakhomenko@chromium.org> Cr-Commit-Position: refs/heads/master@{#547004} [modify] https://crrev.com/3d33e449af12861c2ca6ab5c28e947ef681371b4/chrome/android/BUILD.gn [modify] https://crrev.com/3d33e449af12861c2ca6ab5c28e947ef681371b4/chrome/android/java/src/org/chromium/chrome/browser/ChromeFeatureList.java [modify] https://crrev.com/3d33e449af12861c2ca6ab5c28e947ef681371b4/chrome/android/java/src/org/chromium/chrome/browser/mojo/ChromeInterfaceRegistrar.java [add] https://crrev.com/3d33e449af12861c2ca6ab5c28e947ef681371b4/chrome/android/java/src/org/chromium/chrome/browser/webauth/AuthenticatorFactory.java [add] https://crrev.com/3d33e449af12861c2ca6ab5c28e947ef681371b4/chrome/android/java/src/org/chromium/chrome/browser/webauth/AuthenticatorImpl.java [add] https://crrev.com/3d33e449af12861c2ca6ab5c28e947ef681371b4/chrome/android/java/src/org/chromium/chrome/browser/webauth/HandlerResponseCallback.java [modify] https://crrev.com/3d33e449af12861c2ca6ab5c28e947ef681371b4/chrome/android/java_sources.gni [modify] https://crrev.com/3d33e449af12861c2ca6ab5c28e947ef681371b4/chrome/android/javatests/DEPS [add] https://crrev.com/3d33e449af12861c2ca6ab5c28e947ef681371b4/chrome/android/javatests/src/org/chromium/chrome/browser/webauth/AuthenticatorTest.java [modify] https://crrev.com/3d33e449af12861c2ca6ab5c28e947ef681371b4/chrome/browser/DEPS [modify] https://crrev.com/3d33e449af12861c2ca6ab5c28e947ef681371b4/chrome/browser/android/chrome_feature_list.cc [modify] https://crrev.com/3d33e449af12861c2ca6ab5c28e947ef681371b4/chrome/browser/chrome_content_browser_client.cc [add] https://crrev.com/3d33e449af12861c2ca6ab5c28e947ef681371b4/content/test/data/android/authenticator.html [modify] https://crrev.com/3d33e449af12861c2ca6ab5c28e947ef681371b4/third_party/WebKit/public/BUILD.gn
,
Mar 31 2018
,
Apr 2 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/e7513e2bbd1e84e1594ec51e875f3d410a35bf21 commit e7513e2bbd1e84e1594ec51e875f3d410a35bf21 Author: Kim Paulhamus <kpaulhamus@chromium.org> Date: Mon Apr 02 21:40:18 2018 [WebAuthN] Add U2fApiHandler to AppHooks. Bug: 678885 Change-Id: I0916fcb1e6ec72e2703c0b61f2af04aa53661ffe Reviewed-on: https://chromium-review.googlesource.com/942464 Commit-Queue: Kim Paulhamus <kpaulhamus@chromium.org> Reviewed-by: Maria Khomenko <mariakhomenko@chromium.org> Cr-Commit-Position: refs/heads/master@{#547525} [modify] https://crrev.com/e7513e2bbd1e84e1594ec51e875f3d410a35bf21/chrome/android/java/src/org/chromium/chrome/browser/AppHooks.java [modify] https://crrev.com/e7513e2bbd1e84e1594ec51e875f3d410a35bf21/chrome/android/java/src/org/chromium/chrome/browser/webauth/AuthenticatorImpl.java [add] https://crrev.com/e7513e2bbd1e84e1594ec51e875f3d410a35bf21/chrome/android/java/src/org/chromium/chrome/browser/webauth/U2fApiHandler.java [modify] https://crrev.com/e7513e2bbd1e84e1594ec51e875f3d410a35bf21/chrome/android/java_sources.gni
,
Apr 14 2018
The following revision refers to this bug: https://chrome-internal.googlesource.com/clank/internal/apps/+/bb185b771947669be2ea863a64ffc7e974e70a49 commit bb185b771947669be2ea863a64ffc7e974e70a49 Author: Kim Paulhamus <kpaulhamus@google.com> Date: Sat Apr 14 02:08:01 2018
,
May 10 2018
In v19, the FIDO2 API provides the combined functionality of the U2F and FIDO2 APIs, so calling the U2F API is no longer needed.
,
May 10 2018
Should also document that the rationale for why we decided to wait for v19 instead of moving ahead with U2F first and then adding Fido2 was that U2F would require considerably more work for u2f->webauthn serialization, most likely via JNI. Waiting a little longer for v19 seemed more reasonable.
,
Jun 4 2018
,
Jun 4 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/859ff5fa880d586a907041fd21986f2f3cd9c85e commit 859ff5fa880d586a907041fd21986f2f3cd9c85e Author: Kim Paulhamus <kpaulhamus@chromium.org> Date: Mon Jun 04 17:30:50 2018 Pass RenderFrameHost in calls to Fido2ApiHandler RFH will be used both to get the Fido2ApiClient (via context) and to get the origin of the caller. Due to crossing the upstream/downstream Clank boundary, this change must be made in stages. (1 of 3) Bug: 678885 Change-Id: I8ed3d964e67313c87c2c3dcc36d32000785b6d6d Reviewed-on: https://chromium-review.googlesource.com/1084317 Reviewed-by: Maria Khomenko <mariakhomenko@chromium.org> Commit-Queue: Kim Paulhamus <kpaulhamus@chromium.org> Cr-Commit-Position: refs/heads/master@{#564138} [modify] https://crrev.com/859ff5fa880d586a907041fd21986f2f3cd9c85e/chrome/android/java/src/org/chromium/chrome/browser/webauth/AuthenticatorImpl.java [modify] https://crrev.com/859ff5fa880d586a907041fd21986f2f3cd9c85e/chrome/android/java/src/org/chromium/chrome/browser/webauth/Fido2ApiHandler.java
,
Jun 5 2018
,
Jun 13 2018
,
Jun 19 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/389582b8789c7cc827e9a64806be733fcf2e9fd4 commit 389582b8789c7cc827e9a64806be733fcf2e9fd4 Author: Kim Paulhamus <kpaulhamus@chromium.org> Date: Tue Jun 19 17:38:30 2018 Add Fido GmsCore API to Chrome on Android builds Bug: 678885 Change-Id: I52f8062a480c2657827dffda231382f48b2b6ef6 Reviewed-on: https://chromium-review.googlesource.com/1096536 Commit-Queue: Kim Paulhamus <kpaulhamus@chromium.org> Reviewed-by: Maria Khomenko <mariakhomenko@chromium.org> Cr-Commit-Position: refs/heads/master@{#568516} [modify] https://crrev.com/389582b8789c7cc827e9a64806be733fcf2e9fd4/chrome/android/BUILD.gn
,
Jun 20 2018
The following revision refers to this bug: https://chrome-internal.googlesource.com/clank/internal/apps/+/f8d0becf9b71d1ec62d49388b6fcad855481b44f commit f8d0becf9b71d1ec62d49388b6fcad855481b44f Author: Kim Paulhamus <kpaulhamus@google.com> Date: Wed Jun 20 15:29:43 2018
,
Jun 20 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/c59ae09b32f11b2fc540aec1730b7fec0eed7cdd commit c59ae09b32f11b2fc540aec1730b7fec0eed7cdd Author: Kim Paulhamus <kpaulhamus@chromium.org> Date: Wed Jun 20 17:27:28 2018 Make the call to Fido2ApiHandlerInternal.makeCredential Also permit a mock instance of the Fido2ApiHandler to be set for testing. Bug: 678885 Change-Id: I1ca03058becbd8dbc5f71ef814bb6b47b37868f6 Reviewed-on: https://chromium-review.googlesource.com/1096539 Commit-Queue: Kim Paulhamus <kpaulhamus@chromium.org> Reviewed-by: Maria Khomenko <mariakhomenko@chromium.org> Cr-Commit-Position: refs/heads/master@{#568896} [modify] https://crrev.com/c59ae09b32f11b2fc540aec1730b7fec0eed7cdd/chrome/android/java/src/org/chromium/chrome/browser/webauth/AuthenticatorImpl.java [modify] https://crrev.com/c59ae09b32f11b2fc540aec1730b7fec0eed7cdd/chrome/android/java/src/org/chromium/chrome/browser/webauth/Fido2ApiHandler.java [modify] https://crrev.com/c59ae09b32f11b2fc540aec1730b7fec0eed7cdd/chrome/android/javatests/src/org/chromium/chrome/browser/webauth/AuthenticatorTest.java
,
Jun 22 2018
The following revision refers to this bug: https://chrome-internal.googlesource.com/clank/internal/apps/+/e345d9eec60206033242318986d448d028f7d499 commit e345d9eec60206033242318986d448d028f7d499 Author: Kim Paulhamus <kpaulhamus@google.com> Date: Fri Jun 22 18:49:07 2018
,
Jun 22 2018
The following revision refers to this bug: https://chrome-internal.googlesource.com/clank/internal/apps/+/904ed2f953d612937e299d77cdee33f403b53ae7 commit 904ed2f953d612937e299d77cdee33f403b53ae7 Author: Kim Paulhamus <kpaulhamus@google.com> Date: Fri Jun 22 19:29:47 2018
,
Jun 22 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/86181d1a88357fd1eaedb143c8b14011ca6543a3 commit 86181d1a88357fd1eaedb143c8b14011ca6543a3 Author: Kim Paulhamus <kpaulhamus@chromium.org> Date: Fri Jun 22 19:33:25 2018 Make the call to Fido2ApiHandlerInternal.getAssertion. Removes the NOT_IMPLEMENTED placeholder. Bug: 678885 Change-Id: I4572dc2e6aad8019b383b93173b7962cc97ad60d Reviewed-on: https://chromium-review.googlesource.com/1109498 Commit-Queue: Kim Paulhamus <kpaulhamus@chromium.org> Reviewed-by: Ted Choc <tedchoc@chromium.org> Reviewed-by: Wei-Yin Chen (陳威尹) <wychen@chromium.org> Cr-Commit-Position: refs/heads/master@{#569734} [modify] https://crrev.com/86181d1a88357fd1eaedb143c8b14011ca6543a3/chrome/android/java/src/org/chromium/chrome/browser/webauth/AuthenticatorImpl.java
,
Jun 26 2018
The following revision refers to this bug: https://chrome-internal.googlesource.com/clank/internal/apps/+/96882363c96990e9559bc1dc8dd37403a597b87f commit 96882363c96990e9559bc1dc8dd37403a597b87f Author: Kim Paulhamus <kpaulhamus@google.com> Date: Tue Jun 26 06:12:03 2018
,
Jun 27 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/ae635a35972095fee0593f6fb5c73ab1b6fa5445 commit ae635a35972095fee0593f6fb5c73ab1b6fa5445 Author: Kim Paulhamus <kpaulhamus@chromium.org> Date: Wed Jun 27 07:30:54 2018 Expose UI flag and enable WebAuthN by default on Android Bug: 678885 Change-Id: If395f541fbf5da01531b8dd5c6a04cccca2832d6 Reviewed-on: https://chromium-review.googlesource.com/1108355 Commit-Queue: Kim Paulhamus <kpaulhamus@chromium.org> Reviewed-by: Balazs Engedy <engedy@chromium.org> Cr-Commit-Position: refs/heads/master@{#570687} [modify] https://crrev.com/ae635a35972095fee0593f6fb5c73ab1b6fa5445/chrome/browser/about_flags.cc [modify] https://crrev.com/ae635a35972095fee0593f6fb5c73ab1b6fa5445/chrome/browser/flag_descriptions.cc [modify] https://crrev.com/ae635a35972095fee0593f6fb5c73ab1b6fa5445/chrome/browser/flag_descriptions.h
,
Jul 18
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/31f6142cf232f5da83c1f2661558257b723e655f commit 31f6142cf232f5da83c1f2661558257b723e655f Author: Kim Paulhamus <kpaulhamus@chromium.org> Date: Wed Jul 18 02:01:13 2018 Check for GmsCore v19 prior to using the Fido2 APIs. Bug: 678885 Change-Id: I7d9f7d7776171f702bf1d79b4ad0e740c68511b8 Reviewed-on: https://chromium-review.googlesource.com/1139577 Commit-Queue: Kim Paulhamus <kpaulhamus@chromium.org> Reviewed-by: Wei-Yin Chen (陳威尹) <wychen@chromium.org> Cr-Commit-Position: refs/heads/master@{#575903} [modify] https://crrev.com/31f6142cf232f5da83c1f2661558257b723e655f/chrome/android/java/src/org/chromium/chrome/browser/webauth/AuthenticatorImpl.java [modify] https://crrev.com/31f6142cf232f5da83c1f2661558257b723e655f/chrome/android/java/src/org/chromium/chrome/browser/webauth/Fido2ApiHandler.java
,
Jul 19
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/9cccf79adc17c0a927749599cd724338c2e832d6 commit 9cccf79adc17c0a927749599cd724338c2e832d6 Author: Kim Paulhamus <kpaulhamus@chromium.org> Date: Thu Jul 19 02:23:40 2018 Update authenticator.mojom's error codes and DomException messages. - Remove messages that no longer apply now that CTAP2 is implemented on desktop - Add Android-only error messages. I prepended these with 'ANDROID' for clarity. Bug: 678885 Change-Id: I96e5850752829c0b1e454837a9e1d1fdfa3a9630 Reviewed-on: https://chromium-review.googlesource.com/1139578 Commit-Queue: Kim Paulhamus <kpaulhamus@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#576332} [modify] https://crrev.com/9cccf79adc17c0a927749599cd724338c2e832d6/components/password_manager/content/common/credential_manager_mojom_traits.cc [modify] https://crrev.com/9cccf79adc17c0a927749599cd724338c2e832d6/third_party/WebKit/LayoutTests/http/tests/credentialmanager/credentialscontainer-create-basics.html [modify] https://crrev.com/9cccf79adc17c0a927749599cd724338c2e832d6/third_party/blink/public/platform/modules/credentialmanager/credential_manager.mojom [modify] https://crrev.com/9cccf79adc17c0a927749599cd724338c2e832d6/third_party/blink/public/platform/modules/webauth/authenticator.mojom [modify] https://crrev.com/9cccf79adc17c0a927749599cd724338c2e832d6/third_party/blink/renderer/modules/credentialmanager/credential_manager_type_converters.cc [modify] https://crrev.com/9cccf79adc17c0a927749599cd724338c2e832d6/third_party/blink/renderer/modules/credentialmanager/credentials_container.cc
,
Jul 30
Not going to make M69. Updating target label.
,
Aug 3
The following revision refers to this bug: https://chrome-internal.googlesource.com/clank/internal/apps/+/c682407ce650d6eb1335a0cf033a6e8f75833001 commit c682407ce650d6eb1335a0cf033a6e8f75833001 Author: Kim Paulhamus <kpaulhamus@google.com> Date: Fri Aug 03 19:42:13 2018
,
Aug 10
,
Aug 15
,
Aug 16
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/1b331d20e1f35829e568af957ca9bd4884f0734c commit 1b331d20e1f35829e568af957ca9bd4884f0734c Author: Kim Paulhamus <kpaulhamus@chromium.org> Date: Thu Aug 16 22:34:40 2018 Enable WebAuthN on Android by default Bug: 678885 Change-Id: If95f75082e1ad44be008540aa93b59ec1f687cf8 Reviewed-on: https://chromium-review.googlesource.com/1176736 Reviewed-by: John Abd-El-Malek <jam@chromium.org> Commit-Queue: Kim Paulhamus <kpaulhamus@chromium.org> Cr-Commit-Position: refs/heads/master@{#583862} [modify] https://crrev.com/1b331d20e1f35829e568af957ca9bd4884f0734c/content/public/common/content_features.cc |
||||||||||||||
►
Sign in to add a comment |
||||||||||||||
Comment 1 by rsgav...@chromium.org
, Jan 6 2017Status: Assigned (was: Unconfirmed)